Gentoo Archives: gentoo-dev

From: Kim Nielsen <kn@××××××××××.dk>
To: Kim Nielsen <kn@××××××××××.dk>
Cc: "Conny R. Landstedt" <connyl@×××××××.se>, gentoo-dev@g.o
Subject: Re: [gentoo-dev] Gentoo Linux Security Guide
Date: Mon, 24 Jun 2002 12:50:19
Message-Id: 1024941124.5363.3.camel@thoth.insecurity.dk
In Reply to: Re: [gentoo-dev] Gentoo Linux Security Guide by Kim Nielsen
On Mon, 2002-06-24 at 07:51, Kim Nielsen wrote:

> No .. since --sport would be the client port and not the actual port of
> the service
>
> example:
>
> You create a http request to gentoo.org and this is what happens
>
> 1. get ip for gentoo.org (64.57.168.198)
> 2. allocate a client port
> 3. send request from <ip>:<port> (Source) to 64.57.168.198:80
> (Destination)
>
> The http server on gentoo.org says:
> 1. I got a request on port 80
> 2. send request back to <ip>:<port>
>
> And if the firewall is installed it checks the allowed chains if anyone is
> allowed to send packets to port 80 (The server's port 80, destination
> port) ..
[SNIP]


> if you were to use sport instead of dport you would only allow the
> packet if the user sends from client port 80 which is very unlikely
> since ports below 1024 are privileged ports

I'm sorry .. you are right .. I misunderstood your last mail; it will be
corrected as soon as possible

/Kim
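The distinction the thread is about (a server's allow rule must match the destination port, `--dport 80`, because the client's source port is an ephemeral one) can be checked with a small stateless packet-filter simulation. The following is an added example written for this archive page; it is not code from the thread, from the Gentoo security guide, or from iptables itself. The rule and packet types are a deliberately simplified model of how a chain is walked first-match-wins, the client address 192.0.2.10 and the ephemeral port 49152 are constructed values, and only the server address 64.57.168.198 comes from the mail.

```python
"""Stateless packet-filter simulation: why a web server's INPUT rule uses
--dport 80 rather than --sport 80.  Added example, not real iptables code;
the Rule/Packet model and the client-side values are constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    sport: int
    dst_ip: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One chain entry.  A None field means 'no match condition on it',
    like omitting --sport/--dport on an iptables rule."""
    sport: Optional[int] = None   # equivalent of --sport N
    dport: Optional[int] = None   # equivalent of --dport N
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def filter_packet(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """Walk the chain in order; the first matching rule decides, otherwise
    the chain policy applies (a default-DROP INPUT chain, as in the guide)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


SERVER = "64.57.168.198"          # gentoo.org address from the thread
CLIENT = "192.0.2.10"             # constructed client address

# Step 2/3 of the mail: the client allocates an ephemeral port and sends
# from <ip>:<port> to server:80.  49152 is a constructed ephemeral port.
REQUEST = Packet(CLIENT, 49152, SERVER, 80)
# The server's answer goes back from port 80 to that ephemeral port.
REPLY = Packet(SERVER, 80, CLIENT, 49152)
# The only kind of request a --sport 80 rule would let in: a client that
# happens to send from privileged port 80 itself.
REQUEST_FROM_80 = Packet(CLIENT, 80, SERVER, 80)

# Correct server-side rule:  -A INPUT -p tcp --dport 80 -j ACCEPT
INPUT_DPORT = [Rule(dport=80)]
# The mistaken variant:       -A INPUT -p tcp --sport 80 -j ACCEPT
INPUT_SPORT = [Rule(sport=80)]


def verdicts() -> dict:
    """Verdict of each chain for each packet, keyed by a descriptive name."""
    return {
        "dport_rule_on_request": filter_packet(INPUT_DPORT, REQUEST),
        "sport_rule_on_request": filter_packet(INPUT_SPORT, REQUEST),
        "sport_rule_on_request_from_80": filter_packet(INPUT_SPORT, REQUEST_FROM_80),
        # Where --sport 80 does describe the traffic: the server's own reply
        # (what an OUTPUT-side rule would see), not inbound client requests.
        "sport_rule_on_reply": filter_packet(INPUT_SPORT, REPLY),
    }


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name}: {verdict}")
```

Running it shows the `--dport 80` chain accepting the ordinary request while the `--sport 80` chain drops it and only accepts a client that sends from port 80, or the server's own reply packet, which is exactly the point made in the thread.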